我已使用oci_connect连接到oracle,但出现此错误:
警告:mysqli_real_escape_string()期望参数1为mysqli,资源在
中给出
所以我正在尝试更改mysqli_real_escape_string()以与oci合作...
这是我的代码:
$condition = '';
$query = explode(" ", $_GET["search"]);
foreach($query as $text)
{
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
}
$condition = substr($condition, 0, -4);
$sql_query = "SELECT * FROM TBL_VIDEO WHERE " . $condition;
$result = oci_parse($connect, $sql_query);
oci_execute($result);
if(oci_num_rows($result) > 0)
答案 0 :(得分:1)
我使用以下功能。绝大多数人肯定首选准备好的语句,但这是一个很好的选择:
<?php
function mysql_escape_mimic($inp) {
if(is_array($inp))
return array_map(__METHOD__, $inp);
if(!empty($inp) && is_string($inp)) {
return str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $inp);
}
return $inp;
}
所以您将替换此行:
$condition .= "VIDEO_TITLE LIKE '%".mysqli_real_escape_string($connect, $text)."%' OR ";
具有:
$condition .= "VIDEO_TITLE LIKE '%".mysql_escape_mimic($connect, $text)."%' OR ";
我是从这里借来的:http://php.net/manual/en/function.mysql-real-escape-string.php#101248